Need to write DSL to check if these 4 events occur within 1 second

1. 31628 2021-02-13T00:20:49.325893Z - xyz svn/repos open
2. 31628 2021-02-13T00:20:49.607437Z - xyz svn/repos get-latest
3. 31628 2021-02-13T00:20:49.888794Z - xyz svn/repos reparent 
4. 31628 2021-02-13T00:20:50.170101Z - xyz svn/repos stat`

I need to write DSL query such that, it should show up document groups like these (i.e., group of 4 documents with open, get-latest, reparent, stat). All 4 must be within one second range as shown in above logs.

Please help me, If this is possible with DSL.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.